This is a note to let you know that I've just added the patch titled
cgroup: fix a subtle bug in descendant pre-order walk
to the 3.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
cgroup-fix-a-subtle-bug-in-descendant-pre-order-walk.patch
and it can be found in the queue-3.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 7805d000db30a3787a4c969bab6ae4d8a5fd8ce6 Mon Sep 17 00:00:00 2001
From: Tejun Heo <tj@xxxxxxxxxx>
Date: Fri, 24 May 2013 10:50:24 +0900
Subject: cgroup: fix a subtle bug in descendant pre-order walk
From: Tejun Heo <tj@xxxxxxxxxx>
commit 7805d000db30a3787a4c969bab6ae4d8a5fd8ce6 upstream.
When cgroup_next_descendant_pre() initiates a walk, it checks whether
the subtree root doesn't have any children and if not returns NULL.
Later code assumes that the subtree isn't empty. This is broken
because the subtree may become empty inbetween, which can lead to the
traversal escaping the subtree by walking to the sibling of the
subtree root.
There's no reason to have the early exit path. Remove it along with
the later assumption that the subtree isn't empty. This simplifies
the code a bit and fixes the subtle bug.
While at it, fix the comment of cgroup_for_each_descendant_pre() which
was incorrectly referring to ->css_offline() instead of
->css_online().
Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
Reviewed-by: Michal Hocko <mhocko@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
include/linux/cgroup.h | 2 +-
kernel/cgroup.c | 9 +++------
2 files changed, 4 insertions(+), 7 deletions(-)
--- a/include/linux/cgroup.h
+++ b/include/linux/cgroup.h
@@ -570,7 +570,7 @@ struct cgroup *cgroup_rightmost_descenda
*
* If a subsystem synchronizes against the parent in its ->css_online() and
* before starting iterating, and synchronizes against @pos on each
- * iteration, any descendant cgroup which finished ->css_offline() is
+ * iteration, any descendant cgroup which finished ->css_online() is
* guaranteed to be visible in the future iterations.
*
* In other words, the following guarantees that a descendant can't escape
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -3000,11 +3000,8 @@ struct cgroup *cgroup_next_descendant_pr
WARN_ON_ONCE(!rcu_read_lock_held());
/* if first iteration, pretend we just visited @cgroup */
- if (!pos) {
- if (list_empty(&cgroup->children))
- return NULL;
+ if (!pos)
pos = cgroup;
- }
/* visit the first child if exists */
next = list_first_or_null_rcu(&pos->children, struct cgroup, sibling);
@@ -3012,14 +3009,14 @@ struct cgroup *cgroup_next_descendant_pr
return next;
/* no child, visit my or the closest ancestor's next sibling */
- do {
+ while (pos != cgroup) {
next = list_entry_rcu(pos->sibling.next, struct cgroup,
sibling);
if (&next->sibling != &pos->parent->children)
return next;
pos = pos->parent;
- } while (pos != cgroup);
+ }
return NULL;
}
Patches currently in stable-queue which might be from tj@xxxxxxxxxx are
queue-3.9/cgroup-fix-a-subtle-bug-in-descendant-pre-order-walk.patch
queue-3.9/sata_rcar-fix-interrupt-handling.patch
queue-3.9/cgroup-initialize-xattr-before-calling-d_instantiate.patch
queue-3.9/ata_piix-add-pci-ids-for-intel-baytail.patch
queue-3.9/sata_rcar-clear-stop-bit-in-bmdma_start-method.patch
queue-3.9/libata-make-ata_exec_internal_sg-honor-dmadir.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html